Note that if a task other than init violates the seccomp policy, we cannot catch that. Init will catch it and (if it feels like it) log it.
Signed-off-by: Serge Hallyn <[email protected]> --- src/lxc/start.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/lxc/start.c b/src/lxc/start.c index 2faad8e..f44be96 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -1050,6 +1050,9 @@ int __lxc_start(const char *name, struct lxc_conf *conf, DEBUG("Container rebooting"); handler->conf->reboot = 1; break; + case SIGSYS: /* seccomp */ + DEBUG("Container violated its seccomp policy"); + break; default: DEBUG("unknown exit status for init: %d", WTERMSIG(status)); break; -- 1.9.0 _______________________________________________ lxc-devel mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-devel
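Review bot: in the new `case SIGSYS:` branch of `__lxc_start()`, the message is logged with `DEBUG(...)`, so at default log levels an init that was killed for a seccomp violation leaves no trace; consider `WARN` or `ERROR` for this case, since it is a policy violation rather than routine state. The text "Container violated its seccomp policy" also asserts more than the signal shows: SIGSYS can be delivered to init for other reasons, so wording such as "init was killed by SIGSYS (probably a seccomp violation)" would be more accurate. The limitation stated in the commit message, that only a violation by init itself is seen here, is not recorded in the code; extending the `/* seccomp */` comment to say so would help the next reader of this switch.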
